NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.29 05:04
tomcaterror.bmpqoq
04.29 04:04
qoq.ps1
04.29 04:04
Important_Document.pdf...
04.29 04:04
dllbase64reverse.txt.exe
04.29 10:04
RuntimeBroker.exe
04.29 10:04
2555d50c-0b7e-4aa3-8d8...
04.29 10:04
csr.bin
04.29 10:04
test.exe
04.29 10:04
FreePhotoShop%20Meme%2...
04.29 10:04
discord.exe

Latest News
04.30 08:04
홍기하독학기숙학원, 내달 25일 취약과목...
04.30 08:04
Read Motor Speed Bette...
04.30 08:04
Grab Raises Forecast a...
04.30 08:04
Einfarbiger Hintergrun...
04.30 08:04
Zerodays sind überwieg...
04.30 08:04
Cyber experts, Democra...
04.30 07:04
RSAC 2025 executive in...
04.30 07:04
RSAC 2025 executive in...
04.30 07:04
Steuergeld finanziert ...
04.30 07:04
DOJ Google Antitrust C...

NetWork | ZeroBOX

IP Address	Status	Action
104.16.231.132	Active	Moloch
152.199.39.108	Active	Moloch
162.159.134.42	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
www.healyconsultants.com	CNAME healyconsultants.com A 162.159.134.42	162.159.134.42
typically-nut-personalized-syndication.trycloudflare.com	A 104.16.231.132 A 104.16.230.132	104.16.230.132
nissan-signature-rs-noise.trycloudflare.com	A 104.16.231.132 A 104.16.230.132	104.16.230.132

TCP Requests

UDP Requests

PROPFIND 404 https://nissan-signature-rs-noise.trycloudflare.com/AutoRun.inf

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49181 -> 162.159.134.42:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 162.159.134.42:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 162.159.134.42:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:53004 -> 164.124.101.2:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
UDP 192.168.56.101:54148 -> 164.124.101.2:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
TCP 192.168.56.101:49176 -> 162.159.134.42:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49179 -> 162.159.134.42:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49194 -> 104.16.231.132:443	2058175	ET HUNTING TryCloudFlare Domain in TLS SNI	Misc activity
TCP 192.168.56.101:49194 -> 104.16.231.132:443	2060250	ET INFO Observed trycloudflare .com Domain in TLS SNI	Misc activity
TCP 192.168.56.101:49194 -> 104.16.231.132:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49161 104.16.231.132:443	C=US, O=Google Trust Services, CN=WR1	CN=trycloudflare.com	c1:f5:d9:f4:2e:e4:62:4a:93:1f:06:f7:a0:22:d4:38:59:bf:bd:94
TLSv1 192.168.56.101:49193 104.16.231.132:443	C=US, O=Google Trust Services, CN=WR1	CN=trycloudflare.com	c1:f5:d9:f4:2e:e4:62:4a:93:1f:06:f7:a0:22:d4:38:59:bf:bd:94
TLSv1 192.168.56.101:49175 104.16.231.132:443	C=US, O=Google Trust Services, CN=WR1	CN=trycloudflare.com	c1:f5:d9:f4:2e:e4:62:4a:93:1f:06:f7:a0:22:d4:38:59:bf:bd:94
TLSv1 192.168.56.101:49163 104.16.231.132:443	C=US, O=Google Trust Services, CN=WR1	CN=trycloudflare.com	c1:f5:d9:f4:2e:e4:62:4a:93:1f:06:f7:a0:22:d4:38:59:bf:bd:94
TLSv1 192.168.56.101:49194 104.16.231.132:443	C=US, O=Google Trust Services, CN=WR1	CN=trycloudflare.com	c1:f5:d9:f4:2e:e4:62:4a:93:1f:06:f7:a0:22:d4:38:59:bf:bd:94

Snort Alerts

No Snort Alerts